REMARKS 

Reconsideration of the application in view of the following remarks is 
respectfully requested. No claims have been added, cancelled, or amended. Thus, 
Claims 1, 3-17, and 19-32 are currently pending in the application. 

Claim Rejections - 35 U.S.C. $ 103(a) 

Claims 3 and 19 stand objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form. 

Claims 1, 4-17, and 20-32 stand rejected under 35 U.S.C. § 103(a) as allegedly 
being anticipated by U.S. Patent No. 5,842,002 issued to Schnurer et al. ("Schnurer") in 
view of U.S. Patent No. 6,357,008 issued to Nachenberg ("Nachenberg"). 

Applicant respectfully traverses. 



Independent Claim 1 
With regard to independent Claim 1, there is recited: 

A computer-implemented method for executing an untrusted program, 
comprising: 

establishing a limited environment within a general environment, wherein 
said limited environment comprises at least one mock resource, wherein said 
general environment comprises at least one real resource, wherein said limited 
environment and said general environment are both provided by the same 
operating system, and wherein programs executing within said limited 
environment cannot access the one or more real resources in said general 
environment; 

executing at least a portion of an untrusted program within said limited 
environment; and 

examining said limited environment after execution of at least said portion 
of said untrusted program to check for undesirable behavior exhibited by said 
untrusted program (emphasis added). 
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Claim 1 provides an advantageous method for executing an untrusted program. 
According to Claim 1, a computer-implemented method establishes a limited 
environment within a general environment. The general environment comprises one or 
more real resources, while the limited environment comprises one or more mock 
resources. The general environment and the limited environment are both provided by 
the same operating system. Programs executed within the limited environment cannot 
access the one or more real resources of the general environment. The limited 
environment is examined after execution of the untrusted program to check for 
undesirable behavior exhibited by the untrusted program. Advantageously, the behavior 
of the untrusted program may be verified without putting the real resources in the general 
environment at risk. 

Claim 1 recites the feature of "wherein said limited environment and said general 

environment are both provided by the same operating system." The Office Action 

acknowledges, "Schnurer does not specifically teach wherein said limited environment 

and said general environment are both provided by the same operating system." Instead, 

the Office Action relies upon Nachenberg to show this feature by stating: 

Nachenberg teaches an antivirus program that includes a decryption, 
exploration and evaluation phases/modules causing a CPU emulator with 
virtual memory to simulate untrusted programs/instructions [Nachenburg, 
col. 1, lines 16-20; col. 5, lines 27-40; col. 6, lines 52-58; col. 7, line 31 - 
col. 8, line 47]. 

However, Nachenberg fails to teach or suggest that the same operating system 
provides both a limited environment and a general environment. FIG. 1 of Nachenberg 
clearly shows that the antivirus main 151, the decryption module 152, the exploration 
module 154, the evaluation module 156, the CPU emulator 158, and the virtual memory 
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160 are se parate and distinct from the.operation system 150. Thus, it is clear from FIG. 
1, and the corresponding description, of Nachenberg that any act or function that is 
performed by the antivirus main 151, the decryption module 152, the exploration module 
154, the evaluation module 156, the CPU emulator 158, or the virtual memory 160 is not 
provided by the operating system 150. 

Instead, the rationale of the Office Action appears to be based on the notion that a 
function performed by application software executing on a machine, which is also 
executing an operating system, is provided by the operating system, rather than the 
application software. This is incorrect, as the application software is the entity that is 
responsible for the performance of the function, and without the application software 
executing on the machine, the function would not be performed. For example, in the 
approach of Nachenberg, the operating system 150 does not cause a CPU emulator with 
virtual memory to simulate untrusted programs/instructions, but rather the execution of 
the antivirus program does. The operating system 150 of Nachenberg does not provide 
any functionality analogous to a limited environment as claimed. 

As a result, Nachenberg fails to disclose, teach, or suggest numerous elements of 
Claim 1. For example, Claim 1 features "wherein said limited environment and said 
general environment are both provided by the same operating system." The Office 
Action argues that this feature is shown by Nachenberg 's antivirus program. However, 
assuming, arguendo, that Nachenberg 's antivirus program is analogous to a limited 
environment, it is clear from FIG. 1 that the Nachenberg 's antivirus program is not 
provided by an operating system, let alone the same operating system that is providing 
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the general environment. Consequently, Nachenberg cannot disclose, teach, or suggest 
this feature of Claim 1. 

As a result, even if Schnurer and Nachenberg were combined (assuming, 
arguendo, that it would have been obvious to combine the references), the resulting 
combination would still fail to disclose, teach, or suggest elements of Claim 1. 
Consequently, Claim 1 is patentable over the cited art and is in condition for allowance. 

Claims 3-17 and 19-32 

Claims 3-16 are dependent claims, each of which depends (directly or indirectly) 
from Claim 1. Each of Claims 3-16 is therefore allowable for at least the reasons given 
above with respect to Claim 1. In addition, each of Claims 3-16 introduces one or more 
additional limitations that independently render it patentable. Due to the fundamental 
differences already identified, to expedite the positive resolution of this case, a separate 
discussion of the limitations of Claims 3-16 is not included at this time. The Applicant 
reserves the right to further point out the differences between the cited art and the novel 
features recited in the dependent claims at a later time. 

Claims 17 and 19-32 include limitations similar to Claims 1 and 3-16 respectively, 
except in the context of computer-readable media. It is therefore respectfully submitted 
that Claims 17 and 19-32 are patentable over Schnurer for at least the reasons given 
above with respect to Claims 1 and 3-16. 
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CONCLUSION 



For the reasons given above, the Applicant submits that the pending claims are 
patentable over the art of record, including the art cited but not applied. Accordingly, 

allowance of all pending claims is respectfully solicited. 

The Examiner is invited to telephone the undersigned at (408) 414-1225 to 
discuss any issue that may advance prosecution. 

No fee is believed to be due specifically in connection with this Reply. The 
Commissioner is authorized to charge any fee that may be due in connection with this 
Reply to our Deposit Account No. 50-1302. 



Respectfully submitted, 



HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: October 21, 2005 



ChristophefJ . Brokaw 
Reg. No. 45,620 




2055 Gateway Place, Suite 550 
San Jose, California 951 10-1089 
Telephone No.: (408) 414-1080 ext. 225 
Facsimile No.: (408)414-1076 
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